[Samba] ldap pdc and rejoining domains

Buchan Milne bgmilne at cae.co.za
Tue Jul 8 13:31:12 GMT 2003


> Message: 14
> Date: Mon, 07 Jul 2003 17:30:23 +0100
> From: Duncan Brannen <dbb at st-andrews.ac.uk>
> Subject: [Samba] ldap pdc and rejoining domains
> To: samba at lists.samba.org
> Message-ID: <5.2.0.9.0.20030707171818.02689880 at vulture>
> Content-Type: text/plain; charset="us-ascii"; format=flowed
>
>
> Afternoon all,
> 	
> I've got a problem I hope somebody can help me with.
>
> We've got samba working as a PDC to windows 2000 machines
> with LDAP as the backend.
>
> It's fine until we start distributing the load over multiple LDAP servers.
>
> I've changed the configuration in the pam ldap stuff (on Solaris using padl) to
> point at a slave LDAP server (replacing /etc/passwd)
>
> What I'm not clear on is what happens when we rebuild a machine.
>
> We reinstall the machine & try to create a new domain account.
> That fails because it already exists
> Machine then tries to rejoin domain setting up new SID/password (???)
>
> smb.conf points at the ldap-slave
> smbldap_tools stuff points at ldap master
> pam.conf stuff points at ldap slave
>
> which one is samba using to rejoin the domain.  I guess it's smb.conf or
> pam.conf since before I had referrals working properly changes were being
> made to the slave.
>
> If it's smb.conf, does it understand referrals?  If not, is it possible to
> use a slave ldap server with samba?
>

Depends which version of samba. IIRC, referral support was added in
2.2.8 or 2.2.8a, although there are patches available for 2.2.7a
(Mandrake packages had it since 2.2.7a-3mdk for example, so current
update packages have it).

If you have a recent samba, it should all work without problems, except
when actually joining to a BDC (but I think there is a workaround in the
webpage I link to below).

> Sorry if I seem confused - it's cos I am

BTW, I have covered some aspects which aren't really well documented in
other places here:

http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php

Regards,
Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7